Thread: xp antivirus

  1. #1
    Senior Member dj.turkmaster's Avatar
    Join Date
    Feb 2007
    Location
    TURKEY/Ankara
    Posts
    139

    xp antivirus

    10 minutes ago I downloaded a new variant of XP Antivirus and it is not detected by Spybot, AntiVir or ClamAV :( . But I can't send these files over Gmail even though I have zipped them and set a password on the zip file. It looks impossible for me to send the samples to Spybot. I have tried to send other undetected samples before, but again I wasn't able to :( Please advise.
    DOCTUS.ORG Turkish security forum

  2. #2
    Junior Member
    Join Date
    Sep 2008
    Posts
    3

    Darn, this is pretty tough rogue malware. (Why the heck did you download the variant without reading user experiences first!!)

    Alright, this is gonna take some major steps.

    Follow http://forum.avast.com/index.php?topic=38157.msg319553#msg319553 for some info on removing it. There is a blog link that I posted there that has more manual removal things.

    Also follow http://forum.avast.com/index.php?topic=38254.0 .

    If you can, (I dunno if you can do it on Safer-Networking forums,) post a HiJackThis log.
    Please do NOT post hjt logs in the Spybot forum,

    Post back ASAP. This new variant is really difficult for anti-malware to remove.
    Last edited by tashi; 2008-09-01 at 06:57. Reason: edit

  3. #3
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,482

    Hello Happy-Dude,

    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    As you will see, we do not encourage members to apply fixes given to another user. All help in the malware forum is provided one on one.

    FYI, dj.turkmaster is collecting files for our detectives' attention.

    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Senior Member dj.turkmaster's Avatar
    Join Date
    Feb 2007
    Location
    TURKEY/Ankara
    Posts
    139

    Happy-Dude:
    I am also a HijackThis analyzer. I didn't get infected; I only have the sample.

    Tashi:
    When we discussed this XP Antivirus malware in our forums, we saw that there are lots of variants of this malware. For example, my friend has 3 samples and these are the VirusTotal results:
    http://www.virustotal.com/tr/analisi...4028551e9ec507
    http://www.virustotal.com/tr/analisi...0f55cf7215387d
    http://www.virustotal.com/analisis/9...46e5b5e7eb807e

    and this is the one which I downloaded last night:
    http://www.virustotal.com/tr/analisi...df86f9e76b86b1

    Any advice on how I can send these samples to the detectives?
    DOCTUS.ORG Turkish security forum

  5. #5
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,482

    Hi dj.turkmaster,
    Quote: Originally posted by dj.turkmaster
    But I can't send these files over Gmail even though I have zipped them and set a password on the zip file.
    Is gmail preventing your sending the files, or is gmail not being accepted our end?
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  6. #6
    Senior Member dj.turkmaster's Avatar
    Join Date
    Feb 2007
    Location
    TURKEY/Ankara
    Posts
    139

    Hi Tashi,
    It gives an error saying "setup.zip contains an executable file. For security reasons gmail does not allow you to send this type of file".
    As I have said before, it is zipped and password protected, and inside the zip there is an .exe file.
    DOCTUS.ORG Turkish security forum
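
Why a filter can still name the .exe inside the password-protected archive described in post #6, shown as an added example that is not part of any post in this thread: traditional ZIP password protection encrypts each entry's data, but the file names in the central directory stay in plain text. The extension list, the function names and the sample archive are assumptions constructed for the illustration, and this is not Gmail's actual implementation.

```python
import io
import os
import struct
import zipfile

ENCRYPTED = 0x0001  # general-purpose flag bit 0: entry data is encrypted
BLOCKED_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}  # assumed policy list

def build_encrypted_zip(name: bytes, ciphertext: bytes) -> bytes:
    """Constructed sample: one stored entry flagged as encrypted, filler data."""
    dos_date = (1 << 5) | 1  # 1980-01-01
    # Fields shared by the local header and the central directory record.
    # Encrypted data carries a 12-byte encryption header before the payload.
    common = struct.pack("<HHHHHIII", 20, ENCRYPTED, 0, 0, dos_date,
                         0, len(ciphertext), len(ciphertext) - 12)
    local = (struct.pack("<I", 0x04034B50) + common
             + struct.pack("<HH", len(name), 0) + name + ciphertext)
    central = (struct.pack("<IH", 0x02014B50, 20) + common
               + struct.pack("<HHHHHII", len(name), 0, 0, 0, 0, 0, 0) + name)
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1,
                       len(central), len(local), 0)
    return local + central + eocd

def scan_attachment(data: bytes) -> list:
    """List what a filter can learn from the archive without the password."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # central directory only, no password needed
            try:
                zf.read(info)
                readable = True
            except RuntimeError:  # zipfile: password required for extraction
                readable = False
            ext = os.path.splitext(info.filename)[1].lower()
            findings.append({
                "name": info.filename,
                "encrypted": bool(info.flag_bits & ENCRYPTED),
                "executable": ext in BLOCKED_EXTS,
                "content_readable": readable,
            })
    return findings

if __name__ == "__main__":
    sample = build_encrypted_zip(b"setup.exe", bytes(12 + 16))
    for finding in scan_attachment(sample):
        print(finding)
```

The scanner learns the entry name and its encrypted flag, but cannot read the contents, so a name-based policy is the only check it can apply to such an attachment.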

  7. #7
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,482

    Hi there,

    You don't have another email address you can use other than gmail?
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  8. #8
    Senior Member dj.turkmaster's Avatar
    Join Date
    Feb 2007
    Location
    TURKEY/Ankara
    Posts
    139

    I only have Gmail, tashi. But now I have sent the mail by using my brother's Hotmail address. I didn't want to use his address. Well, whatever, I have sent it. I also scanned the while at VirusTotal, virscan.org and Jotti. Do you get samples from there, and even if you get the samples, is sending the file directly to detections(at)spybot.info a better way?
    DOCTUS.ORG Turkish security forum

  9. #9
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,482

    Hello,

    Vendors share certain lists, but a detective would be the best one to answer your question so I left a message for their attention.

    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  10. #10
    Senior Member dj.turkmaster's Avatar
    Join Date
    Feb 2007
    Location
    TURKEY/Ankara
    Posts
    139

    Quote: Originally posted by dj.turkmaster
    I only have Gmail, tashi. But now I have sent the mail by using my brother's Hotmail address. I didn't want to use his address. Well, whatever, I have sent it. I also scanned the while at VirusTotal, virscan.org and Jotti. Do you get samples from there, and even if you get the samples, is sending the file directly to detections(at)spybot.info a better way?
    while=file btw :D I don't know why I wrote it like that :D
    Well, thanks for your help, tashi. I think I will have to use my brother's mail address for sending samples from now on.
    DOCTUS.ORG Turkish security forum
